
Everardo Padilla

Rank #19201 of 53,633
Total CVSS: 13.9
Vulnerabilities: 2 (High: 1, Medium: 1)
PT-2023-20494 · CVSS 7.8 · 2023-03-06 · Sketchsvg · Sketchsvg · CVE-2023-26107
**Name of the Vulnerable Software and Affected Versions**

sketchsvg, all versions

**Description**

The issue is an Arbitrary Code Injection caused by invoking `shell.exec` without proper sanitization or parametrization, specifically while concatenating the current directory into the command string. An attacker who controls the directory name can therefore inject additional shell commands.

**Recommendations**

For all versions, consider disabling the `shell.exec` call until a patch is available to prevent Arbitrary Code Injection. Restrict access to sensitive directories and ensure proper sanitization and parametrization of command strings to minimize the risk of exploitation.
PT-2022-28065 · CVSS 6.1 · 2022-12-19 · Apache · Apache Helix · CVE-2022-47500
**Name of the Vulnerable Software and Affected Versions**

Apache Helix versions 0.8.0 through 1.0.4

**Description**

The issue is a URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Apache Helix UI component. It affects all releases of Apache Helix from 0.8.0 to 1.0.4 and was caused by an improperly designed forward component used for UI embedding.

**Recommendations**

For versions 0.8.0 through 1.0.4, upgrade to version 1.1.0 to fix the issue. As a temporary workaround, consider removing the forward component, since it was improperly designed for UI embedding.